CVE-2024-0471

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 12, 2024

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2024-0471 is a newly disclosed critical vulnerability affecting the Human Resource Integrated System 1.0 developed by code-projects. The issue lies in the file /admin_route/dec_service_credits.php, where a sql injection vulnerability is discovered. An attacker can manipulate the argument 'date' to inject malicious SQL queries, which can be exploited remotely. This vulnerability, identified as VDB-250576, has been made public and may be exploited, posing a significant risk to systems running this software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Code Projects

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uHmRT2
https://www.cve.org/CVERecord?id=CVE-2024-0471
https://nvd.nist.gov/vuln/detail/CVE-2024-0471

Back to Vulnerability Database

CVE-2024-0471

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations